Data is the lifeblood of every modern business establishment. Companies rely on data to make informed decisions, serve customers, and stay ahead of competitors. However, with the increasing sophistication and frequency of cyberattacks, the threat of data loss has never been greater. Organizations are increasingly targeted by ransomware that locks them out of their critical infrastructure and business systems until a ransom is paid. A standard solution to evade such an event is to create a data backup system that allows organizations to have a duplicate copy of their data as a fallback strategy in the case of a ransomware attack. However, contemporary cyberattack sophistication often involves malicious malware that penetrates and deletes these backups and locks the organization out of its system to demand an even more enormous ransom.
This growing trend shows that traditional security models, such as perimeter-based defenses and trust-based access controls, are no longer sufficient to protect against advanced cyber threats. This has made it imperative for progressive-thinking organizations to embrace a zero-trust security model that relies solely on continuous verification to grant access to resources. And in the case of a cyberattack, it uses an immutable backup strategy that can guarantee swift restoration of services.
Data is the lifeblood of every modern business establishment. Companies rely on data to make informed decisions, serve customers, and stay ahead of competitors. However, with the increasing sophistication and frequency of cyberattacks, the threat of data loss has never been greater. Organizations are increasingly targeted by ransomware that locks them out of their critical infrastructure and business systems until a ransom is paid. A standard solution to evade such an event is to create a data backup system that allows organizations to have a duplicate copy of their data as a fallback strategy in the case of a ransomware attack. However, contemporary cyberattack sophistication often involves malicious malware that penetrates and deletes these backups and locks the organization out of its system to demand an even more enormous ransom.
This growing trend shows that traditional security models, such as perimeter-based defenses and trust-based access controls, are no longer sufficient to protect against advanced cyber threats. This has made it imperative for progressive-thinking organizations to embrace a zero-trust security model that relies solely on continuous verification to grant access to resources. And in the case of a cyberattack, it uses an immutable backup strategy that can guarantee swift restoration of services.
Zero Trust Architecture: What is it About?
Many cybersecurity compromises originate from trusting a network or device based on previous legitimate access. This is a vulnerability exploited by threat actors who target devices that have access to the network and use it as a steppingstone to gain entry into their target environment—the organization’s infrastructure.
Zero trust architecture assumes all users, devices, and applications are untrusted by default, regardless of location. Access to resources is restricted and granted based on continuous verification of user identity, device integrity, and application behavior. A zero-trust architecture minimizes the risk of data breaches by focusing on protecting data, applications, and internal systems.
As mapped out by the NIST SP 800-207, a zero-trust architecture is designed with adherence to seven basic principles. These principles include:
- All devices, including small-footprint ones, are considered resources in a zero-trust architecture. Personally owned devices may also be classified as resources if they can access enterprise-owned resources.
- Regardless of network location, all communication must be secure. Access requests from enterprise-owned network infrastructure devices must meet the security requirements of non-enterprise-owned networks. Trust should not be granted based on a network location. Communication should be done securely while protecting confidentiality and integrity and providing source authentication.
- Access to individual enterprise resources is granted on a per-session basis, with trust in the requester being evaluated before access is granted. Access should be granted with the least privileges necessary to complete the task, and authentication and authorization for one resource do not automatically grant access to another.
- Access to resources is determined by a dynamic policy based on client identity, application, or service, requesting asset state, and other behavioral and environmental attributes. This policy is based on the needs of the business process and an acceptable level of risk, and access rules are assigned to subjects, data assets, or applications based on attributes. Resource access and action permission policies can vary based on resource or data sensitivity.
- All owned and associated assets’ integrity and security posture are monitored and measured in a zero-trust architecture, with no asset inherently trusted. An enterprise should establish a continuous diagnostics and mitigation (CDM) system to monitor device and application states and apply patches and fixes. Devices owned by or associated with the enterprise deemed to be in their most secure state are treated differently from those that are subverted or have known vulnerabilities and are not managed by the enterprise. This may also apply to associated devices allowing access to some resources but not others.
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed, with constant cycles of obtaining access, scanning and assessing threats, adapting, and continually reevaluating trust in ongoing communication. An enterprise should have Identity, Credential, and Access Management (ICAM) and asset management systems in place, including multifactor authentication for access to some or all enterprise resources. Continual monitoring with possible reauthentication and reauthorization occurs throughout user transactions as defined and enforced by policy.
- The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications and uses it to improve its security posture. Data about asset security posture, network traffic, and access requests are collected and processed to provide insights to improve policy creation and enforcement. This data can also be used to provide context for access requests from subjects.
Zero Trust Architecture: What is it About?
Many cybersecurity compromises originate from trusting a network or device based on previous legitimate access. This is a vulnerability exploited by threat actors who target devices that have access to the network and use it as a steppingstone to gain entry into their target environment—the organization’s infrastructure.
Zero trust architecture assumes all users, devices, and applications are untrusted by default, regardless of location. Access to resources is restricted and granted based on continuous verification of user identity, device integrity, and application behavior. A zero-trust architecture minimizes the risk of data breaches by focusing on protecting data, applications, and internal systems.
As mapped out by the NIST SP 800-207, a zero-trust architecture is designed with adherence to seven basic principles. These principles include:
- All devices, including small-footprint ones, are considered resources in a zero-trust architecture. Personally owned devices may also be classified as resources if they can access enterprise-owned resources.
- Regardless of network location, all communication must be secure. Access requests from enterprise-owned network infrastructure devices must meet the security requirements of non-enterprise-owned networks. Trust should not be granted based on a network location. Communication should be done securely while protecting confidentiality and integrity and providing source authentication.
- Access to individual enterprise resources is granted on a per-session basis, with trust in the requester being evaluated before access is granted. Access should be granted with the least privileges necessary to complete the task, and authentication and authorization for one resource do not automatically grant access to another.
- Access to resources is determined by a dynamic policy based on client identity, application, or service, requesting asset state, and other behavioral and environmental attributes. This policy is based on the needs of the business process and an acceptable level of risk, and access rules are assigned to subjects, data assets, or applications based on attributes. Resource access and action permission policies can vary based on resource or data sensitivity.
- All owned and associated assets’ integrity and security posture are monitored and measured in a zero-trust architecture, with no asset inherently trusted. An enterprise should establish a continuous diagnostics and mitigation (CDM) system to monitor device and application states and apply patches and fixes. Devices owned by or associated with the enterprise deemed to be in their most secure state are treated differently from those that are subverted or have known vulnerabilities and are not managed by the enterprise. This may also apply to associated devices allowing access to some resources but not others.
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed, with constant cycles of obtaining access, scanning and assessing threats, adapting, and continually reevaluating trust in ongoing communication. An enterprise should have Identity, Credential, and Access Management (ICAM) and asset management systems in place, including multifactor authentication for access to some or all enterprise resources. Continual monitoring with possible reauthentication and reauthorization occurs throughout user transactions as defined and enforced by policy.
- The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications and uses it to improve its security posture. Data about asset security posture, network traffic, and access requests are collected and processed to provide insights to improve policy creation and enforcement. This data can also be used to provide context for access requests from subjects.
Immutable Backups: A Zero Trust Recovery Model
Immutable backups refer to creating and storing data backups in a way that prevents them from being changed or modified. Once a backup is created and marked as immutable, it becomes read-only by reducing the object storage to a “write once, read many” (WORM) solution. No one can alter it, not even those with administrator privileges.
Immutable backups differ from traditional backups—which allow for modification and deletion. Traditional backups can be overwritten, resulting in data loss, and making systems susceptible to tampering and ransomware attacks. On the other hand, immutable backups offer an additional layer of protection against these attacks and ensure that the backup data is always available and unaltered by relying on zero-trust principles.
The most common form of immutable backup uses cloud storage with immutable storage options. Backups are created by copying data bits to cloud storage, where the blocks are stored as authoritative data sets. To ensure data immutability, the admin sets an immutability flag after copying the data to the cloud, which locks it and prevents accidental deletion, corruption, and malware infections. Many cloud storage providers also have a feature that allows you to set a specific timeframe for the flag, such as 30 days, during which you cannot modify or delete the backups.
As we’ve learned throughout this article, implementing a zero-trust data recovery model through immutable storage offers several benefits, such as protecting against ransomware and other malicious attacks, preventing accidental data loss, reducing the complexity of backup management, and significantly increasing the reliability and accessibility of data backups.
Immutable Backups: A Zero Trust Recovery Model
Immutable backups refer to creating and storing data backups in a way that prevents them from being changed or modified. Once a backup is created and marked as immutable, it becomes read-only by reducing the object storage to a “write once, read many” (WORM) solution. No one can alter it, not even those with administrator privileges.
Immutable backups differ from traditional backups—which allow for modification and deletion. Traditional backups can be overwritten, resulting in data loss, and making systems susceptible to tampering and ransomware attacks. On the other hand, immutable backups offer an additional layer of protection against these attacks and ensure that the backup data is always available and unaltered by relying on zero-trust principles.
The most common form of immutable backup uses cloud storage with immutable storage options. Backups are created by copying data bits to cloud storage, where the blocks are stored as authoritative data sets. To ensure data immutability, the admin sets an immutability flag after copying the data to the cloud, which locks it and prevents accidental deletion, corruption, and malware infections. Many cloud storage providers also have a feature that allows you to set a specific timeframe for the flag, such as 30 days, during which you cannot modify or delete the backups.
As we’ve learned throughout this article, implementing a zero-trust data recovery model through immutable storage offers several benefits, such as protecting against ransomware and other malicious attacks, preventing accidental data loss, reducing the complexity of backup management, and significantly increasing the reliability and accessibility of data backups.
Get in touch with DTS Solution to get started with your journey to a full-proof and ransomware-proof data recovery strategy through immutable backups.
See also: